SYSTEM ACCESS MANAGEMENT (STAFF) POLICY AND PROCEDURE

boompikeInternet and Web Development

Dec 8, 2013 (3 years and 11 months ago)

92 views


SYSTEM ACCESS MANAGEMENT
(STAFF) POLICY AND PROCEDURE

PO-STA-22

CRICOS Code 02664K
PO-STA-22 Page 1 of 2 Issue 1, August 2012
Purpose and Scope
The purpose of the policy and procedure is to define those who have authority to access various ICT
systems of Wesley Institute that require identity management (usually involving usernames and passwords)
and those who will manage the processes of adding, changing, suspending and deactivating their access.
Objectives
• Completeness – to ensure all those, who ought to have access to systems, do so, in order to
optimize productivity of personnel and the efficiency of the organization;
• Containment – to ensure no one, who ought not have access to systems, does so, in order to
provide security for systems of Wesley Institute and protect the privacy of the individuals; and
• Complementarity – to ensure that future options are not impeded by present decisions, particularly
around usernames and passwords, in order that continual improvement will simplify access issues
(extension of existing SSO, for instance), in that staff will have less credentials to remember.
Definitions
• System Access Management (Staff) Electronic Request Form
This is a Microsoft Excel template for creating an Electronic Request Form used to manage requests
regarding staff system access management. It has pull-down menus and automatic error
correction.
• Staff
For this purpose, there are three sorts of staff: Permanent, Casual and Contractors (as defined by
Human Resources)
• Actions
For this purpose, there are four types of action: Add, Change, Suspend and Delete.
o Add – To add a new staff member to the system.
o Change – To change, usually increase, the number of systems a staff member can access.
o Suspend – To deactivate, usually because of extended leave.
o Delete – To remove departing staff member from all the systems.
• Requester
There are two types of requester: Human Resources and all other Heads of Departments and
Schools.
Human Resources can request two actions: Add and Delete.
Heads of Departments and Schools can request two actions: Change and Suspend.
• System Managers
There are five managers of systems: Manager Finance, Accounts and Administration (MFAA), Dean
of Quality, Registrar, Director of Innovation and Development, and Marketing Manager.
o The MFAA manages two systems: WiFi and network access:

- WiFi – wireless access to the Internet on the Drummoyne campus, and
- Network access – the LAN using Microsoft Exchange (also providing Outlook).

o The Dean of Quality manages one system: the Staff Intranet.

PO-STA-22 Page 2 of 2 Issue 1, August 2012
o The Registrar manages two systems: Paradigm and Rapla:

- Paradigm, a Learning Management System, sometimes referred to as a Student
Management System, and
- Rapla, the Room Booking System, integrated into Paradigm.

o The Director of Innovation and Development manages three systems: Moodle, WIMA Email
and Alfresco:

- Moodle – Virtual Learning Environment (learn.wi.edu.au), and
- WIMA Email – Wesley Institute (all students and some staff members) email
application (mail.wima.edu.au), and
- Alfresco – the Learning Object Repository - version control and workflow management
(repository.wi.edu.au).

o The Marketing manages one system: The Wesley Institute website, using PLONE.
Exclusions
This policy specifically excludes MYOB, Payroll, and various Software as a Service (SaaS) products, such as
Zendesk and SurveyGizmo.
Responsibility
The following people have a responsibility in relation to this procedure:
• Human Resources (New and departing staff),
• Head of Department or School (Current staff),
• Manager Finance, Accounts & Admin (WiFi and network access),
• Dean of Quality (Staff Intranet),
• The Registrar (Paradigm and Rapla)
• Director of Innovation and Development (Moodle, WIMA Email and Alfresco)
• Marketing Manager (PLONE).
Policy Provisions
All the policies are imbedded within the System Access Management (Staff) Electronic Request Form.
Procedure
1. Create form from template (System Access Management Form).
2. Complete form onscreen.
3. Follow “Procedural Instructions” on the third page of the form.
Document Status
Author Director of Innovation and Development 24 August 2012
Approving Authority Management Committee 29 August 2012
Publication Issue 1 29 August 2012
Review Date Issue 1 29 August 2013